Azure AD Conditional Access - Domain Joined Device Denied


Problem description

Hi,

I have configured a conditional access policy that allows on-premises domain joined devices to log in to Office 365 from locations outside of the corporate network. However, every time I try to log in to the Office 365 portal, my login is denied with the following error.

The public IP of the corporate network is listed in Named Locations as well as MFA Trusted IPs.

You can't get there from here

This application contains sensitive information and can only be accessed from:

  • COMPANY domain joined devices. Access from personal devices is not allowed.

Please contact your administrator.

The following information might be useful to your administrator:

  • Access rules set by COMPANY require device to be domain joined
  • App name: Office 365 Exchange Online
  • App id: 00000002-0000-XXXX-YYYY-000000000000
  • IP address: 12.345.678.90
  • Device identifier: XXXXXXXXXXXXXXXXXXXX
  • Device platform: Windows 10
  • Device state: Registered
  • Signed in as user@domain.com
  • Correlation ID: XXXXXXXXXXXXXXXXXXXX
  • Timestamp: 2017-08-29 19:42:53Z

Does anyone have any insight?


Muditha Jayath Chathuranga
MVP: Office Servers and Services

MCT | MCSE: Productivity (Charter) | MCSA: Office 365

Blog: The Cloud Journal

If my answer helped you, kindly propose as answer and/or mark as answer where applicable.

Solution

I suggest you re-check the configuration on the Azure Portal for the location-based conditional access.
You may refer to Get started with conditional access in Azure Active Directory, specifically points 10 through 12.

  • On the Locations blade, perform the following steps:

a. Under Configure, click Yes.

b. Under Include, click All locations.

c. Click Exclude, and then click All trusted IPs.

d. Click Done.

---------------------------------------------------------------------------------------------------
Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.
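
The location steps in the answer (include All locations, exclude All trusted IPs) combined with the "require domain joined device" rule from the error page can be modelled as below. This is an added example, not code from the thread or from Azure AD; it is a simplified model, the IP ranges are constructed documentation addresses, and the "Domain joined" state string is an assumed label for a device that satisfies the rule.

```python
# Added illustration: a simplified model of location scoping plus a device
# grant control. It is not Azure AD's evaluation engine.
import ipaddress

# Constructed sample data (documentation-range addresses, not from the page).
TRUSTED_IPS = [ipaddress.ip_network("203.0.113.0/24")]  # corporate egress range

# Assumed label for a device state that satisfies the domain-join rule.
DOMAIN_JOINED = "Domain joined"


def in_trusted_location(ip):
    """True when the sign-in IP falls inside a configured trusted range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_IPS)


def policy_in_scope(ip):
    """Include: All locations. Exclude: All trusted IPs."""
    return not in_trusted_location(ip)


def evaluate(ip, device_state):
    """Return 'not_applied', 'grant' or 'block' for one sign-in."""
    if not policy_in_scope(ip):
        # Excluded location: the device control is never evaluated.
        return "not_applied"
    # Grant control: the device must present as domain joined.
    if device_state == DOMAIN_JOINED:
        return "grant"
    # A device reported as "Registered" (as on the error page) fails here.
    return "block"


def explain(ip, device_state):
    """One-line summary an admin can compare against the error page fields."""
    where = "trusted" if in_trusted_location(ip) else "untrusted"
    return f"{ip} ({where}), device={device_state}: {evaluate(ip, device_state)}"


if __name__ == "__main__":
    samples = [
        ("203.0.113.10", "Registered"),   # inside the corporate network
        ("198.51.100.7", "Registered"),   # outside, same state as the question
        ("198.51.100.7", DOMAIN_JOINED),  # outside, satisfies the rule
    ]
    for ip, state in samples:
        print(explain(ip, state))
```

The model shows that the trusted IP exclusion only exempts sign-ins made from inside the listed ranges; a sign-in from anywhere else is in scope and is decided by the device state alone.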

